Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Antivirus Gold [RESOLVED]


  • This topic is locked This topic is locked

#1
rixwerne

rixwerne

    New Member

  • Member
  • Pip
  • 5 posts
Help me remove the Antivirus Gold virus from my my PC. It comes up as a black screen (background), and warns me every minute that my PC is infected.

Regards
Werner
  • 0

Advertisements


#2
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi rixwerne

Please post a HijackThis.log so we can take a look at your system

Kc :tazz:
  • 0

#3
rixwerne

rixwerne

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Logfile of HijackThis v1.99.1
Scan saved at 03:49:50 PM, on 2005/06/17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\inet10047\winlogon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system\lsass.exe
C:\WINDOWS\system\services.exe
C:\WINDOWS\system32\hookdump.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-paga.com/10047/
F3 - REG:win.ini: run=C:\WINDOWS\inet10047\winlogon.exe
O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} - C:\WINDOWS\SYSTEM\Loader.dll (file missing)
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} - c:\windows\system\BHOmod.dll (file missing)
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet10047\winlogon.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [MS Security Authority Service] C:\WINDOWS\system\lsass.exe
O4 - HKLM\..\Run: [vmtuner] gglib.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet10047\winlogon.exe
O4 - HKCU\..\Run: [Windows Service Controller] C:\WINDOWS\system\services.exe
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\system32\hookdump.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {CB6AE1E3-2FBA-456E-B44A-A3C55DD4DF19} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {CB6AE1E3-2FBA-456E-B44A-A3C55DD4DF19} - (no file) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C1D7AB9-F452-47D1-A690-3F07486D0414}: NameServer = 196.25.255.34 196.25.255.3
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

:tazz:
  • 0

#4
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi rixwerne

Please read through the instructions before you start (you may want to print this out).

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Download Pocket Killbox and unzip it; save it to your Desktop.

Please RIGHT-CLICK here and go to Save As (in Internet Explorer it's "Save Target As") in order to download Metallica’s reg file. Save it to your desktop.

Please set your system to show all files; please see here if you're unsure how to do this.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Clear out the files in the Prefetch folder. Go to start> run> type into the box Prefetch and delete all the files in that folder.

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-paga.com/10047/
F3 - REG:win.ini: run=C:\WINDOWS\inet10047\winlogon.exe
O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} - C:\WINDOWS\SYSTEM\Loader.dll (file missing)
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} - c:\windows\system\BHOmod.dll (file missing)
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet10047\winlogon.exe
O4 - HKLM\..\Run: [MS Security Authority Service] C:\WINDOWS\system\lsass.exe
O4 - HKLM\..\Run: [vmtuner] gglib.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet10047\winlogon.exe
O4 - HKCU\..\Run: [Windows Service Controller] C:\WINDOWS\system\services.exe
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\system32\hookdump.exe

Click on Fix Checked when finished and exit HijackThis.

Now run Metallica’s smitfraud.reg

Using Windows Explorer, locate the following files/folders, and delete them:
C:\WINDOWS\inet10047<--Delete the whole foder
C:\WINDOWS\system\gglib.exe
C:\WINDOWS\system\services.exe
C:\WINDOWS\system32\hookdump.exe

Exit Explorer.

Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure all are checked and then press *ok* to remove:

Reboot as normal

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp
Please post the logs From Panda, Ewido HJT.logWe will need them to remove previous infections that have left files on your system.

Kc :tazz:
  • 0

#5
rixwerne

rixwerne

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Many thanks, all the naughty little virusses have disappeared. :tazz:
  • 0

#6
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi rixwerne

How about posting a new HijackThis and the pada scan then we will see what is left on your system.

Kc :tazz:
  • 0

#7
rixwerne

rixwerne

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Logfile of HijackThis v1.99.1
Scan saved at 11:54:20 AM, on 2005/06/18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis.exe

O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {CB6AE1E3-2FBA-456E-B44A-A3C55DD4DF19} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {CB6AE1E3-2FBA-456E-B44A-A3C55DD4DF19} - (no file) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C1D7AB9-F452-47D1-A690-3F07486D0414}: NameServer = 196.25.255.34 196.25.255.3
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Sorry, the Panda software does not download.

regards
Werner
  • 0

#8
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi rixwerne

Please read through the instructions before you start (you may want to print this out).

Please set your system to show all files; please see here if you're unsure how to do this.

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items:
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O9 - Extra button: Microsoft AntiSpyware helper - {CB6AE1E3-2FBA-456E-B44A-A3C55DD4DF19} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {CB6AE1E3-2FBA-456E-B44A-A3C55DD4DF19} - (no file) (HKCU)

Click on Fix Checked when finished and exit HijackThis.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Using Windows Explorer, locate the following files/folders, and delete them:
C:\Program Files\Security iGuard\Security iGuard.exeExit Explorer.Reboot as normal.

Panda only works with internet explorer
Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp
Please post the logs From Panda virus scan and HJT.logWe will need them to remove previous infections that have left files on your system.

Kc :tazz:
  • 0

#9
rixwerne

rixwerne

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hi,

Still having difficulty downloading Panda. Housecall successfully completed - no warnings.
Regards
Werner :tazz:
  • 0

#10
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi rixwerne

Please post a HJT.log

Kc :tazz:
  • 0

#11
Guest_thatman_*

Guest_thatman_*
  • Guest
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP